惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

小众软件
小众软件
IT之家
IT之家
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Security Archives - TechRepublic
Security Archives - TechRepublic
P
Proofpoint News Feed
C
CERT Recently Published Vulnerability Notes
阮一峰的网络日志
阮一峰的网络日志
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The Cloudflare Blog
P
Palo Alto Networks Blog
Know Your Adversary
Know Your Adversary
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Cisco Talos Blog
Cisco Talos Blog
L
Lohrmann on Cybersecurity
AWS News Blog
AWS News Blog
J
Java Code Geeks
博客园_首页
Scott Helme
Scott Helme
WordPress大学
WordPress大学
有赞技术团队
有赞技术团队
T
The Exploit Database - CXSecurity.com
Security Latest
Security Latest
V
Visual Studio Blog
Cloudbric
Cloudbric
Jina AI
Jina AI
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 叶小钗
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - 聂微东
人人都是产品经理
人人都是产品经理
A
Arctic Wolf
C
Cybersecurity and Infrastructure Security Agency CISA
S
SegmentFault 最新的问题
The Last Watchdog
The Last Watchdog
SecWiki News
SecWiki News
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
W
WeLiveSecurity
K
Kaspersky official blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Hacker News: Ask HN
Hacker News: Ask HN
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
宝玉的分享
宝玉的分享
Hugging Face - Blog
Hugging Face - Blog
量子位
Google Online Security Blog
Google Online Security Blog
博客园 - Franky
Simon Willison's Weblog
Simon Willison's Weblog
博客园 - 三生石上(FineUI控件)
Recent Commits to openclaw:main
Recent Commits to openclaw:main

Information Age

Is the SaaSpocalypse already over? - Information Age Stopping bad data from becoming bad business - Information Age Google I/O 2026 shows why enterprise AI governance needs an operating model Moving off the cloud – how to get repatriation right The AI inventory is the EU AI Act artefact most teams underestimate Why every organisation needs a minimum viable company strategy Quantum is coming. Here’s what CTOs can be doing today Small Language Models (SLMs) as the gold standard for trust in AI Your employees are waiting for your change programme to blow over How technical debt turns your IT infrastructure into a game you can’t win The business mobility trends driving workforce performance in 2026 Four actions CIOs must take to turn innovation into impact Eliminating blind spots – nailing the IPv6 transition Goodbye Software as a Service, Hello AI as a Service Smart auto-tiering vs. data reduction – logical efficiency vs. architectural efficiency The value of reducing middle office emissions for ESG How to match tech investment with real-world output
From speed to safety – how regulation is reshaping DevOps
Cameron Etezadi · 2026-05-20 · via Information Age

  • The focus for DevOps teams has shifted from how quickly they can deliver to how can they govern increasingly agentic delivery safely, transparently and accountably.
  • The Cyber Resilience Act (CRA) has three expectations: traceability, accountability and incident response.
  • Compliance is becoming an engineering problem in reviewing and governing code at machine scale.
  • The organisations best prepared for this next phase of software delivery will be those that build systems humans can confidently trust, govern, and remain accountable for, as delivery becomes increasingly autonomous. 

For over a decade, DevOps has been defined by one core principle: speed. The ability to ship code quickly, iterate continuously, and respond to user needs in near real-time has become the benchmark of high-performing software teams – made possible by end-to-end ownership and accountability.

But that benchmark is changing. A new wave of regulation in Europe, the Cyber Resilience Act (CRA) and the Product Liability Directive, is introducing stricter expectations around how software is built, deployed, and maintained. Crucially, this legislation is putting the liability back onto engineering teams in charge of deploying software. 

We’re seeing and hearing about more incidents where autonomous AI agents are making errors. Now, new legislation is giving clarity that the responsibility for any errors ultimately sits with human teams. This is forcing organisations to rethink what they ship, as well as how they control, monitor and account for it in production. 

The focus for DevOps teams has shifted from how quickly they can deliver to how can they govern increasingly agentic delivery safely, transparently and accountably.

What we can expect from new regulations

At a high level, regulations like the CRA aim to improve the security and resilience of digital products. In practice, they introduce concrete expectations for engineering teams. Three areas stand out.

  1. Traceability. Organisations must be able to identify what code is running in production, where it originated, and how it has changed over time. This goes far beyond version control. While ITIL has long emphasised CMDBs as a system of record, modern DevOps teams now need a true chain of custody for software delivery – tracking changes, ownership, and provenance from development through to production.
  2. Accountability. There needs to be clear ownership over software components and processes. This means being able to demonstrate who made changes, why they were made, how they were validated and who remains accountable for outcomes – even if those changes were AI-assisted or agent-driven.
  3. Incident response. Teams must be able to detect issues quickly, report them where necessary, and remediate them fast. In highly regulated environments this must be automatic, with little time for manual review or deliberation. Organisations therefore need systems that offer clarity, control and measurable accountability in real-time.

These aren’t box-ticking exercises. They demand a level of operational visibility and control that many organisations still lack.

Why this is an engineering challenge

In the past, regulation may have been viewed as a compliance issue handled by legal or risk teams. But in the age of AI agents, new legislation has made it clear that these requirements sit with engineering.

Software delivery today is highly distributed. Code moves through complex pipelines, across multiple environments, often supported by a fragmented toolchain, and releases are frequent, sometimes continuous. As AI accelerates software creation further, traditional human review processes quickly become bottlenecks.

Many teams still rely on manual processes for approvals, reporting, or rollback decisions, but these approaches no longer scale. As release velocity increases through agentic workflows, manual governance risks becoming an operational and regulatory liability.

As a result, compliance is becoming an engineering problem. The problem is reviewing and governing code at machine scale. While delivery pipelines can be parallelised to support this pace, organisations still need clear visibility into dependencies, ownership, and control across the software lifecycle.

Evolving DevOps for a regulated world

To meet these new expectations, DevOps practices need to evolve. The most effective organisations are embedding compliance into the delivery lifecycle. This builds on the ‘continuous compliance’ practices pioneered during the cloud era, where leading teams used monitoring, observability, and automated remediation to respond to issues in real time.

That starts with integrating security and governance into CI/CD pipelines. Automated checks, policy enforcement, and validation steps ensure that code meets required standards before it ever reaches production.

Visibility is equally important. Teams need real-time insight into what is deployed, how it is performing, and how it relates back to specific changes or features. Without that, accountability becomes difficult to maintain at scale.

Another critical capability is controlled release management. Techniques such as feature flags and progressive delivery allow teams to limit exposure, test changes in production safely, and respond quickly if something goes wrong. Instead of relying on large, high-risk deployments, organisations can manage feature availability dynamically at runtime, enabling faster reactions, incremental change, and rapid rollback when needed.

Finally, there’s a cultural shift. Responsibility for compliance can’t sit with a single team. It needs to be shared across engineering, security, and platform functions, supported by automated guardrails, rather than relying on humans to enforce policy manually after the fact.

Control, visibility, and the ability to act

If there’s one unifying theme across these changes, it’s control. In a regulated environment, it’s no longer enough to deploy code and monitor what happens. Teams need to be able to answer critical questions at any moment: What is currently live? Who approved it? What impact is it having? And if something goes wrong, how quickly can we fix it?

The ability to act and control software in production is just as important as the ability to observe. Fast rollback mechanisms, the option to disable features without redeploying, and tight feedback loops all contribute to reducing risk without slowing delivery.

Done well, these capabilities enable teams to move faster, with greater confidence and less exposure.

A competitive advantage for those who move early

With compliance deadlines approaching, many organisations are still trying to interpret requirements and assess gaps. Those that act early have an opportunity to do more than just meet regulatory standards.

The organisations best prepared for this next phase of software delivery will be those that build systems humans can confidently trust, govern, and remain accountable for – even as delivery becomes increasingly autonomous. 

Success will increasingly depend on teams being able to deliver quickly and safely, with complete confidence in what they’ve put into production.

Cameron Etezadi is chief technology officer at LaunchDarkly.

Read more

From generative to agentic AI – now the real transformation begins – Node4’s Mark Skelton takes us through the move from generative to agentic AI and how to approach it in your organisation

Small Language Models (SLMs) as the gold standard for trust in AI – Stephen Edginton of Dext explains why Small Language Models (SLMs) should be the next stage in your evolving AI strategy

Quantum is coming. Here’s what CTOs can be doing today – Ginna Raahauge of WWT talks us through quantum strategy and what you as a CTO should be doing to prepare your organisation